Grindr will be fined 100 million Norwegian kroner, or about $11.7 million, by the Norwegian Data Protection Authority for illegally sharing private information about Grindr users to advertisers, according to The New York Times.
Last January, the Norwegian Consumer Council filed three complaints against Grindr for sharing personal information, including users’ locations and information about the device they were using, with advertisers. (One of those advertisers was MoPub, Twitter’s mobile ads company.) Associating that information with an individual could potentially indicate that person’s sexual orientation without their consent, and now, the Norwegian Data Protection Authority is taking action against Grindr for the practice.
Grindr has until February 15th to comment on the Norwegian Data Protection Authority’s ruling.
“We continually enhance our privacy practices in consideration of evolving privacy laws and regulations, and look forward to entering into a productive dialogue with the Norwegian Data Protection Authority,” Bill Shafton, Grindr’s VP of business and legal affairs, said in a statement to The Verge.
The app isn’t particularly well-known for taking great care of its users’ security. Grindr was caught exposing users’ HIV statuses to two other companies in April 2018, which the company has stopped doing. And with one particularly bad vulnerability, which we wrote about in October, anyone who knew your email address could potentially access your account.
Grindr has a new owner after a US government committee expressed national security concerns about the app — it was sold by its Chinese owners to investor group San Vicente Acquisition in March 2020.